FTP Issues thru PIX 515

rjsatter
Level 1

Looking for the most secure way to allow FTP transfers through our corporate Firewall.

Right now if an FTP is initiated from the inside network . . . we can connect to the FTP site and login but cannot execute commands like "ls -al" or actually move data.

I can see my firewall blocking inbound tcp connections from the FTP server on ports 20 and what appears to be a randomly generated tcp port.


tvanginneken
Level 4

Hi,

Is the ftp fixup protocol enabled?

Regards,

Tom

Yes . . . I have fixup protocol ftp 21 configured on the PIX.

bmuha
Level 1

I do not think port 20 is random; it is the ftp-data port. You may need to open this up on the firewall... Also, have you tried using passive mode in your ftp client?

--Brian

Here is what I see being blocked on the firewall for each command I try to issue once I am connected to the FTP server . . . my private network address is being xlated to 216.248.65.178.

106001: Inbound TCP connection denied from 207.177.41.14/6411 to 216.248.65.178/113 flags SYN on interface outside

106001: Inbound TCP connection denied from 207.177.41.14/20 to 216.248.65.178/1132 flags SYN on interface outside

The 207.177.41.14 address is the address of the server I connect to via FTP. Connect works but no other commands work.
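An added example, not part of the thread or anyone's reply in it: a small parser for the 106001 deny messages quoted above that sorts each denied inbound SYN into an active-mode FTP data connection (source port 20, the ftp-data port, to a high client port) or an ident lookup (destination port 113, RFC 1413). The function names and category labels are this example's own, and the sample input is the two log lines from the post.

```python
import re
from collections import Counter

# The two deny lines quoted in the thread, embedded so the script runs offline.
SAMPLE_LOG = """\
106001: Inbound TCP connection denied from 207.177.41.14/6411 to 216.248.65.178/113 flags SYN on interface outside
106001: Inbound TCP connection denied from 207.177.41.14/20 to 216.248.65.178/1132 flags SYN on interface outside
"""

# \s* after "interface" tolerates copies of the log where the space was lost.
DENY_RE = re.compile(
    r"106001: Inbound TCP connection denied from "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)/(?P<sport>\d+) to "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)/(?P<dport>\d+) "
    r"flags (?P<flags>[A-Z ]+?) on interface\s*(?P<ifc>\S+)"
)

def classify(sport: int, dport: int) -> str:
    """Label a denied inbound SYN by well-known port usage (labels are this example's own)."""
    if sport == 20 and dport >= 1024:
        return "ftp-active-data"  # server opening the active-mode data channel to the client
    if dport == 113:
        return "ident"            # server-side ident lookup (RFC 1413)
    return "other"

def parse_denies(text: str) -> list[dict]:
    """Return one record per 106001 line; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = DENY_RE.search(line)
        if not m:
            continue
        sport, dport = int(m["sport"]), int(m["dport"])
        events.append({"src": m["src"], "sport": sport, "dst": m["dst"], "dport": dport,
                       "flags": m["flags"], "interface": m["ifc"],
                       "category": classify(sport, dport)})
    return events

def summarize(text: str) -> Counter:
    """Count denies per (source address, category)."""
    return Counter((e["src"], e["category"]) for e in parse_denies(text))

if __name__ == "__main__":
    for (src, cat), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{src:15} {cat:16} {n}")
```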
